ACL on WLAN
Helllo,
I have a ACL applied on a WLAN on a 2125 controller. I cannot get the older Cisco IPSec (Version 5.0.05.0290) client to work through the ACL and through the WLAN onto it's destination. When the Cisco IPSec client is on another unrestricted WLAN, it works. I have allowed TCP/UDP 500, 4500, TCP 10000 both directions and it fails. I can see the denys counters incrementing but cannot figure out what is being blocked. Any ideas?
it doesn't mention VPN pass through support on unsupported list for 2100.
Try, WLAN> security> Layer3> L3 security select vpn pass through option, if available. If the option NA then ACL should work for pass through.
http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml
vpn pass through certainly not supported on 2500 and 5500 baed platform, however it can be achieved through ACL.
Similar Messages
-
Problem with roamingin in VoIP SSID...
Hi guys,
My client has a WLC 5508 with a two dosens of 1262s. I set SSID for the VoIP but when the client roams there is a loss of packest. The client is using Cisco phones. Any help will be appreciated.
Pete
(Cisco Controller) >show wlan 144
WLAN Identifier.................................. 144
Profile Name..................................... VoIP_Network
Network Name (SSID).............................. Inside_144
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 10
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ 144_v
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Platinum
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout................... 20
FT Over-The-Air mode....................... Enabled
FT Over-The-Ds mode........................ Enabled
GTK Randomization.......................... Enabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
Access Network type............................ Not configured
Network Authentication type.................... Not configured
Internet service............................... Disabled
HESSID......................................... 00:00:00:00:00:00
Hotspot 2.0.................................... Disabled
WAN Metrics configuration
Link status.................................. 0
Link symmetry................................ 0
Downlink speed............................... 0
Uplink speed................................. 0
Mobility Services Advertisement Protocol....... Disabled
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >debug client 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:02:25.463: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Processing WPA IE type 221, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*pemReceiveTask: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 0)
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Initiating WPA PSK to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Force Auth state
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Skipping EAP-Success to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.015: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.015: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b2:b1:10, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Key exchange done, data packets from mobile 2c:54:2d:ea:d4:0e should be forwarded shortly
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*spamApTask5: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Sent EAPOL-Key M5 for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Processing WPA IE type 221, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*pemReceiveTask: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 0)
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Initiating WPA PSK to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Force Auth state
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Skipping EAP-Success to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.423: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b2:b1:10, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Key exchange done, data packets from mobile 2c:54:2d:ea:d4:0e should be forwarded shortly
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*spamApTask5: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Sent EAPOL-Key M5 for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*emWeb: Nov 30 17:03:46.162: Configuring IPv6 ACL for WLAN:144, aclName passed is NULL
*apfReceiveTask: Nov 30 17:03:46.173: 2c:54:2d:ea:d4:0e apfSendDisAssocMsgDebug (apf_80211.c:2162) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Disassociated
*apfReceiveTask: Nov 30 17:03:46.178: 2c:54:2d:ea:d4:0e Sent Disassociate to mobile on AP 34:bd:c8:b2:b1:10-0 (reason 1, caller apf_ms.c:5558)
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e Sent Deauthenticate to mobile on BSSID 34:bd:c8:b2:b1:10 slot 0(caller apf_ms.c:5678)
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsAssoStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsExpireMobileStation (apf_ms.c:5716) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Disassociated to Idle
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Deleted mobile LWAPP rule on AP [34:bd:c8:b2:b1:10]
*pemReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e Deleting mobile on AP 34:bd:c8:b2:b1:10(0)Hi guys and Saravanan thank for the ideas....
the qualituy is getting better, not satisfactory for the customer though...
I have upgraded the firware as advised to 1.4.3 - I forgot to mention I have 7925g wifi phonee
I set the 802.1x + cckm with eap-fast and WPA2 and definately the quality of the calls got a huge improvement but still not enough. What can be the reason for the confinuing problems during roaming?
Guys, is it possible to set the CCKM without ACS (or WDS - i think that was the second option)
here is some output:
(Cisco Controller) show>wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... test_wifi_144
Network Name (SSID).............................. test144
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 1
Exclusionlist.................................... Disabled
Session Timeout.................................. 65535 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ 144_v
--More-- or (q)uit
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Platinum
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Required
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... ap-cac-limit
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 2
DTIM period for 802.11b radio.................... 2
Radius Servers
--More-- or (q)uit
Authentication................................ 172.16.106.53 1645
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout................... 20
FT Over-The-Air mode....................... Enabled
FT Over-The-Ds mode........................ Enabled
--More-- or (q)uit
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More-- or (q)uit
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
Access Network type............................ Not configured
Network Authentication type.................... Not configured
Internet service............................... Disabled
HESSID......................................... 00:00:00:00:00:00
Hotspot 2.0.................................... Disabled
WAN Metrics configuration
Link status.................................. 0
Link symmetry................................ 0
Downlink speed............................... 0
Uplink speed................................. 0
Mobility Services Advertisement Protocol....... Disabled
(Cisco Controller) >debug client 2C542DEAD40E
*apfMsConnTask_3: Dec 07 13:55:49.522: 2c:54:2d:ea:d4:0e Adding mobile on LWAPP AP 34:bd:c8:b3:d9:f0(0)
*apfMsConnTask_3: Dec 07 13:55:49.522: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfMsAssoStateInc
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Idle to Associated
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b3:d9:f0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Connecting state
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Sending EAP-Request/Identity to mobile 2c:54:2d:ea:d4:0e (EAP Id 1)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Received Identity Response (count=1) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e EAP State update from Connecting to Authenticating for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=85) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 1 ===> 85 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 85)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 85, EAP Type 3)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=86) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 86)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 86, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=87) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 87)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 87, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=89) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 87 ===> 89 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 89)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 89, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 90, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.702: 2c:54:2d:ea:d4:0e Processing Access-Accept for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Username entry (test960) created for mobile, length = 253
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Username entry (test960) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting re-auth timeout to 65535 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Adding BSSID 34:bd:c8:b3:d9:f0 to PMKID cache at index 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: [0000] ab 8f b5 75 ad c5 8e af 50 0d ce 4a f1 7b 16 9e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e CCKM: Create a global PMK cache entry
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Sending EAP-Success to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: [0000] ab 8f b5 75 ad c5 8e af 50 0d ce 4a f1 7b 16 9e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Entering Backend Auth Success state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Received Auth Success while in Authenticating state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.704: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticated state
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e CCKM: Sending cache add
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: CCKM: Sending CCKM PMK (Version_1) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: CCKM: Sending CCKM PMK (Version_2) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5253, Adding TMP rule
*Dot1x_NW_MsgTask_: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*apfReceiveTask: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4891, Adding TMP rule
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255,
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e Sent an XID frame
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e Sent an XID frame
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ARPing for 10.123.200.1 (SPA 10.123.200.15, vlanId 144)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - 172.16.100.122 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ARPing for 10.123.200.1 (SPA 10.123.200.15, vlanId 144)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 374, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - 172.16.100.122 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 374, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP setting server from OFFER (server 172.16.100.121, yiaddr 10.123.201.4)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REPLY to STA (len 430, port 1, vlan 0)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP OFFER (2)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP server id: 1.1.1.1 rcvd server id: 172.16.100.121
*DHCP Socket Task: Dec 07 13:55:52.514: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.514: 2c:54:2d:ea:d4:0e DHCP dropping OFFER from 172.16.100.122 (yiaddr 10.123.205.33)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 172.16.100.121, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP server id: 172.16.100.121 rcvd server id: 1.1.1.1
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 382, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 172.16.100.121, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - NONE
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e Static IP client associated to interface 144_v which can support client subnet.
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e 10.123.201.4 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5776
*DHCP Soc: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e Assigning Address 10.123.201.4 to mobile
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP success event for client. Clearing dhcp failure count for interface 144_v.
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP sending REPLY to STA (len 430, port 1, vlan 0)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP ACK (5)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e DHCP server id: 1.1.1.1 rcvd server id: 172.16.100.121
*pemReceiveTask: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x10
*pemReceiveTask: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e Sending a gratuitous ARP for 10.123.201.4, VLAN Id 144
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Removing BSSID 34:bd:c8:b3:d9:f0 from PMKID cache of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b3:d9:f0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Connecting state
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e Sending EAP-Request/Identity to mobile 2c:54:2d:ea:d4:0e (EAP Id 1)
*pemReceiveTask: Dec 07 13:57:01.513: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Received Identity Response (count=1) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e EAP State update from Connecting to Authenticating for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=86) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 1 ===> 86 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 86)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 86, EAP Type 3)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=87) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 87)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 87, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=88) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 88)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 88, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 88 ===> 90 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 90, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=91) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 91)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 91, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Processing Access-Accept for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Setting re-auth timeout to 65535 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Adding BSSID 34:bd:c8:b3:d9:f0 to PMKID cache at index 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: [0000] 16 bf c0 3e 07 00 79 b1 51 ca d3 47 44 69 1b a1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e CCKM: Create a global PMK cache entry
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Sending EAP-Success to mobile 2c:54:2d:ea:d4:0e (EAP Id 91)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: [0000] 16 bf c0 3e 07 00 79 b1 51 ca d3 47 44 69 1b a1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Entering Backend Auth Success state (id=91) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Received Auth Success while in Authenticating state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticated state
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e CCKM: Sending cache add
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: CCKM: Sending CCKM PMK (Version_1) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: CCKM: Sending CCKM PMK (Version_2) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e CCKM: Received REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Reassociation received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Removing BSSID 34:bd:c8:b3:d9:f0 from PMKID cache of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Processing REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: using HMAC SHA1 to compute MIC
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Received a valid REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e CCKM: Initializing PMK cache entry with a new PTK
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2) on BSSID 34:bd:c8:b3:d9:f0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e CCKM: using HMAC SHA1 to compute MIC
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Including CCKM Response IE (length 54) in Assoc Resp to mobile
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 202) ApVapId 1 Slot 0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 22) in 3 seconds
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_3: Dec 07 13:57:04.926: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_3: Dec 07 13:57:04.926: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20) -
Wireless clients don't receive IP addresses (DHCP)
Hello,
I have a 3502i ap and a WLC 5508, software version 8.0.100.0, currently under configuration. After following configuration guides and trying to get clients to function on the wireless network, I came to a roadblock with the client being recognized by the controller but not receiving an IP address. I get a "Acquiring network address" whenever I try to connect on the client laptop and it doesn't move from there. The WLC does recognize the client's MAC address, but the IP reads 0.0.0.0.
On the WLAN, I don't have Layer 2 or Layer 3 security turned on. I have clients for the Interface/Interfaces Group(G). I do not have the DHCP Override radio button turned on because it's to my understanding it is for internal DHCP, which is disabled. As for the Controller, the interface named "clients" is on a seperate vlan than the management and APs. The primary and secondary DHCP servers on this interface are the client vlan's IP and the helper address on the vlan (the helper address points to a GUI accessible Infoblox, which has a scope of available IPs). DHCP proxy is disabled and so is option 82. I have no form of IPv6 turned on that I could check for. I'm not sure if it's hurting, but the same DHCP parameters are set for the management interface; it's just the interface itself is set for a different subnet.
I tried to search through this forum for the answer, but it seems each situation is unique and with different variables involved. Or at least I'm interpeting them differently.David,
In the above response to Steven Rodriguez, I posted the >show interface results. Pasted below here are the debug results:
*DHCP Socket Task: Dec 15 14:32:59.747: 00:0e:35:0a:0c:35 DHCP successfully bridged packet to DS
*emWeb: Dec 16 13:56:51.818: Configuring IPv6 ACL for WLAN:2, aclName passed is NULL
*apfMsConnTask_7: Dec 16 13:57:04.257: 00:0e:35:0a:0c:35 Processing assoc-req station:00:0e:35:0a:0c:35 AP:70:10:5c:b0:b3:20-00 thread:150e50c0
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Adding mobile on LWAPP AP 70:10:5c:b0:b3:20(0)
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Association received from mobile on BSSID 70:10:5c:b0:b3:21 AP 1622_1st
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Max Client Trap Threshold: 0 cur: 0
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 override for default ap group, marking intgrp NULL
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Re-applying interface policy for client
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2385)
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2406)
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 In processSsidIE:5680 setting Central switched to TRUE
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 In processSsidIE:5683 apVapId = 2 and Split Acl Id = 65535
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Applying site-specific Local Bridging override for station 00:0e:35:0a:0c:35 - vapId 2, site 'default-group', interface 'clients'
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 Applying Local Bridging Interface Policy for station 00:0e:35:0a:0c:35 - vlan 13, interface id 12, interface 'clients'
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 STA - rates (8): 130 132 139 12 18 150 24 36 0 0 0 0 0 0 0 0
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Dec 16 13:57:04.258: 00:0e:35:0a:0c:35 STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state AUTHCHECK (2)
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 Sending 11w Flag 0 for Client 00:0E:35:0A:0C:35
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 70:10:5c:b0:b3:20 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 apfMsAssoStateInc
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 apfMsOpenStateInc
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 apfPemAddUser2 (apf_policy.c:352) Changing state for mobile 00:0e:35:0a:0c:35 on AP 70:10:5c:b0:b3:20 from Idle to Associated
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 apfPemAddUser2:session timeout forstation 00:0e:35:0a:0c:35 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 Sending assoc-resp with status 0 station:00:0e:35:0a:0c:35 AP:70:10:5c:b0:b3:20-00 on apVapId 2
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 Sending Assoc Response to station on BSSID 70:10:5c:b0:b3:21 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 apfProcessAssocReq (apf_80211.c:9452) Changing state for mobile 00:0e:35:0a:0c:35 on AP 70:10:5c:b0:b3:20 from Associated to Associated
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 Mobility query, PEM State: DHCP_REQD
*apfMsConnTask_7: Dec 16 13:57:04.259: 00:0e:35:0a:0c:35 Building Mobile Announce :
*apfMsConnTask_7: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 Building Client Payload:
*apfMsConnTask_7: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 Client Ip: 0.0.0.0
*apfMsConnTask_7: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 Client Vlan Ip: 10.10.3.254 Vlan mask : 255.255.255.0
*apfMsConnTask_7: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 Client Vap Security: 0
*apfMsConnTask_7: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 Virtual Ip: 1.1.1.1
*apfMsConnTask_7: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 ssid: Diddly
*apfMsConnTask_7: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 Building VlanIpPayload.
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) mobility role update request from Unassociated to Local
Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.10.6.128
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6102, Adding TMP rule
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 70:10:5c:b0:b3:20, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 12 Local Bridging Vlan = 13, Local Bridging intf id = 12
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Dec 16 13:57:04.260: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Dec 16 13:57:04.261: 00:0e:35:0a:0c:35 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 16 13:57:04.261: 00:0e:35:0a:0c:35 Sent an XID frame
*apfMsConnTask_7: Dec 16 13:57:04.264: 00:0e:35:0a:0c:35 Processing assoc-req station:00:0e:35:0a:0c:35 AP:70:10:5c:b0:b3:20-00 thread:150e50c0
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 Processing assoc-req station:00:0e:35:0a:0c:35 AP:70:10:5c:b0:b3:20-00 thread:150e50c0
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 Association received from mobile on BSSID 70:10:5c:b0:b3:21 AP 1622_1st
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 override for default ap group, marking intgrp NULL
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 13
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 Re-applying interface policy for client
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2385)
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2406)
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 In processSsidIE:5680 setting Central switched to TRUE
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 In processSsidIE:5683 apVapId = 2 and Split Acl Id = 65535
*apfMsConnTask_7: Dec 16 13:57:04.318: 00:0e:35:0a:0c:35 Applying site-specific Local Bridging override for station 00:0e:35:0a:0c:35 - vapId 2, site 'default-group', interface 'clients'
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 Applying Local Bridging Interface Policy for station 00:0e:35:0a:0c:35 - vlan 13, interface id 12, interface 'clients'
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 STA - rates (8): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 apfMs1xStateDec
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Change state to START (0) last state DHCP_REQD (7)
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state AUTHCHECK (2)
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 Sending 11w Flag 0 for Client 00:0E:35:0A:0C:35
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 70:10:5c:b0:b3:20 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) pemApfAddMobileStation2 3735, Adding TMP rule
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 70:10:5c:b0:b3:20, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 12 Local Bridging Vlan = 13, Local Bridging intf id = 12
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Dec 16 13:57:04.319: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) pemApfAddMobileStation2 3923, Adding TMP rule
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 70:10:5c:b0:b3:20, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255,
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 12 Local Bridging Vlan = 13, Local Bridging intf id = 12
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 apfPemAddUser2 (apf_policy.c:352) Changing state for mobile 00:0e:35:0a:0c:35 on AP 70:10:5c:b0:b3:20 from Associated to Associated
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 apfPemAddUser2:session timeout forstation 00:0e:35:0a:0c:35 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*pemReceiveTask: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 0.0.0.0 Removed NPU entry.
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 Sending assoc-resp with status 0 station:00:0e:35:0a:0c:35 AP:70:10:5c:b0:b3:20-00 on apVapId 2
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 Sending Assoc Response to station on BSSID 70:10:5c:b0:b3:21 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_7: Dec 16 13:57:04.320: 00:0e:35:0a:0c:35 apfProcessAssocReq (apf_80211.c:9452) Changing state for mobile 00:0e:35:0a:0c:35 on AP 70:10:5c:b0:b3:20 from Associated to Associated
*pemReceiveTask: Dec 16 13:57:04.321: 00:0e:35:0a:0c:35 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 16 13:57:04.321: 00:0e:35:0a:0c:35 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP received op BOOTREQUEST (1) (len 312,vlan 16, port 1, encap 0xec03)
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP xid: 0xd8947c74 (3633609844), secs: 0, flags: 0
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP chaddr: 00:0e:35:0a:0c:35
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP requested ip: 169.254.99.106
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP Opt82 bridge mode insertion enabled, inserts opt82 if opt82 is enabled vlan=13, datalen =18, optlen=68
*DHCP Socket Task: Dec 16 13:57:07.372: 00:0e:35:0a:0c:35 DHCP successfully bridged packet to DS
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP received op BOOTREQUEST (1) (len 312,vlan 16, port 1, encap 0xec03)
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP xid: 0xd8947c74 (3633609844), secs: 1024, flags: 0
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP chaddr: 00:0e:35:0a:0c:35
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP requested ip: 169.254.99.106
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP Opt82 bridge mode insertion enabled, inserts opt82 if opt82 is enabled vlan=13, datalen =18, optlen=68
*DHCP Socket Task: Dec 16 13:57:11.375: 00:0e:35:0a:0c:35 DHCP successfully bridged packet to DS
*DHCP Socket Task: Dec 16 13:57:20.378: 00:0e:35:0a:0c:35 DHCP received op BOOTREQUEST (1) (len 312,vlan 16, port 1, encap 0xec03)
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP xid: 0xd8947c74 (3633609844), secs: 3328, flags: 0
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP chaddr: 00:0e:35:0a:0c:35
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP requested ip: 169.254.99.106
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP Opt82 bridge mode insertion enabled, inserts opt82 if opt82 is enabled vlan=13, datalen =18, optlen=68
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 DHCP successfully bridged packet to DS
*DHCP Socket Task: Dec 16 13:57:20.379: 00:0e:35:0a:0c:35 Interface Group was NULL.Number of DHCP Discovery 3 from client
*DHCP Socket Task: Dec 16 13:57:36.382: 00:0e:35:0a:0c:35 DHCP received op BOOTREQUEST (1) (len 312,vlan 16, port 1, encap 0xec03)
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP xid: 0xd8947c74 (3633609844), secs: 7424, flags: 0
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP chaddr: 00:0e:35:0a:0c:35
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP requested ip: 169.254.99.106
*DHCP Socket Task: Dec 16 13:57:36.383: 00:0e:35:0a:0c:35 DHCP Opt82 bridge mode insertion enabled, inserts opt82 if opt82 is enabled vlan=13, datalen =18, optlen=68 -
We have two wireless controllers in the DMZ that we use for guest access only. Right now the management, ap-management and dhcp addresses for users are all on the same IP segment. I know that's not the most secure way to deploy and wondered what the best practice is for this situation.
Thanks!It would be better if you were to seperate out the guest users into their own wlan/vlan/subnet. Assuming that the dmz endpoint allows for multiple subnets and/or vlan/subintefaces (PIX or IOS) You could then drop the guests into a subnet that can only access the internet and not any other local networks. This can also be acheived or aided by ACLs the wlan(s) as well.
-
How can I apply existing WCS "WLAN Config" templates to a new WLC?
We've been running a pair of WLC 4402s managed by WCS, thus we are still on the older 7.0.235.0 (WCS) / 7.0.235.3 (WLC) release. I'm trying to add an additional WLC 4402-50 as a hot spare. I first ran the manual setup steps to give it an IP in our range, and used the WLCs web page to set our SNMP communities and such to the values used by our existing WLCs, then I added the new WLC in WCS.
At this point I could apply most of the "Controller Templates" from our existing configuration to the new unit. However, I can not get it to take our existing interfaces nor our WLAN Configurations. How do I avoid needing to recreate these from scratch on the new WLC?
We only have four dynamic interfaces, and each WLC needs its own IP address for each interface, so I did manually add these via the WLCs web page. However, now when I go to the WCS' "Configure > Contoller Templagte Launch Pad" page, then select "WLANs > WLAN Configuration", I see my usual list of WLANs, but can't figure how to push them to the new WLC.
For all of the other templates on the launch pad, I can select a template, click the "Apply to Controllers..." button, and I get a list that has my existing two and also the new controller. I can select the new controller, and apply the template, and it succeeds.
Yet if I select a specific WLAN config, and press "Apply to Controllers...", the list that appears has only my existing two WLCs, not the the new one.
In small green type at the top it says, "Controllers configured with Interface/Interface Group - 'w-restricted' and selected RADIUS server(s), LDAP servers, ACL Name with rules and Ingress interface are shown."
I have already manually added the interface "w-restricted" to the new controller, and have added the RADIUS servers via the template used by our other two WLCs. Not sure what to do about "LDAP servers, ACL Name with rules and Ingress interface", as we don't have any ACL rules, nor use LDAP directly from the WLCs (as all user ID stuff is via RADIUS).
Any hints on what manual setup I should add to get the new WLC in the list for these WLAN Configs?
Thanks,
SteveTo be honest, if your only adding another WLC, your better off creating the interface and WLAN's manually. I don't like pushing out templates to create new WLAN's. I would use it to adjust an existing WLAN, but that would be it. To me it's safer. Also your new WLC is on the same code? If you really want to figure it out, I would manually add the interfaces first then refresh the co fog from the new WLC and then push out the WLAN SSID and see if it takes. If not, don't waste your time anymore and create it manually.
Sent from Cisco Technical Support iPhone App -
Client got not connection to wlan over wlc 2504 on 802.11b/g
Hi everybody,
We are using a wlc 2504 with 7.6.100.0 and AP 1532e.
I have the strange observacion that only clients with 802.11n (2.4GHz) can connect to the WLAN. Clients thats works only with 802.11b/g, they can't connect to the WLAN. Affected are all machines which want to connect with 802.11b/g.
This is a MESH WLAN with 5GHz backhaul and 2.4GHz for the user.
During the debugging found the following:
*apfMsConnTask_4: May 09 11:44:40.581: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:44:40.581: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:42.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:44.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:44:44.650: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:46.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 1
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Re-applying interface policy for client
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Central switch is TRUE
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:54.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:56.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:58.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 2
*dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:45:03.768: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
*apfMsConnTask_4: May 09 11:45:03.768: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Re-applying interface policy for client
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Central switch is TRUE
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:45:03.772: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:05.849: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:07.848: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:09.848: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 3
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Blacklisting (if enabled) mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Reached FAILURE: from line 5274
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 9) in 10 seconds
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Re-applying interface policy for client
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Central switch is TRUE
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:45:15.691: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Reusing allocated memory for EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
*apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Re-applying interface policy for client
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Central switch is TRUE
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:45:15.878: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Reusing allocated memory for EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:18.048: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:20.049: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:22.048: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 0
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
*osapiBsnTimer: May 09 11:45:32.048: 00:1b:77:b4:34:e0 apfMsExpireCallback (apf_ms.c:625) Expiring Mobile!
*apfReceiveTask: May 09 11:45:32.049: 00:1b:77:b4:34:e0 apfMsExpireMobileStation (apf_ms.c:6632) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Disassociated
*apfReceiveTask: May 09 11:45:32.049: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
Thanks for any adviceIn some of the big name brands of wireless, there is "no such thing" as 802.11n on a 2.4 Ghz. No such thing because Cisco won't allow you (any more) to do channel bonding of 2.4 Ghz. It doesn't make any sense to bond an already restricted 2.4 Ghz non-overlapping channel (three) and squeeze this number down to two.
Can you check to ensure that the data rates for 802.11b are enabled? Maybe someone disabled data rates from 1 Mbps to 11 Mbps. -
Can't connect to router / Error says router uses ACLs which it doesn't
Hi!
I'm having troubles connecting my MacBook (10.4.10) to my WLAN-Router (Siemens Gigaset SE551).
I switched from WEP to WPA encryption today and all windows machines work just fine, however my MacBook refuses to connect.
The dialog says:
"The selected network uses an Access Control List to restrict access and this computer is not in the list.".
This is wrong. MAC Filtering is not enabled and the MacBook connects flawlessly using Bootcamp.
I already tried to clean up my network settings (no default entries, etc.) and updated the routers firmware. Nothing works.
Any ideas?
bye
PhilPhil
MacBook Mac OS X (10.4.10) Airport, Siemens Gigaset, SE551, WPA, MAC, ACL
MacBook Mac OS X (10.4.10)It works under Bootcamp, so the router settings can't be the problem, right?
Well, no, Macs & Routers don't exactly agree on "standards", and most likely everybody's Router was tested or fixed to work with Windows® "standards"!
Yet I don't "think' that were the problem is yet. Most referemces to SSIDs are kept either in Keychain, or...
/Users/nnnn/Library/Preferences/com.apple.internetconnect.plist
/Library/Preferences/SystemConfiguration/preferences.plist
/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
With cross references used between them too!
Crazy Idea®... maybe try enabling ACL on the Router as a test with the mac's MAC in it? -
WLAN User Idle Timeout and WPA2-PSK authentication
Hi,
There is a WLAN for Guest users with Session Timeout of 65535 sec and User Idle Timeout of 28800 sec. The WLAN uses PSK as Layer-2 authentication and Web Auth as Layer-3 authentication. Authentication source is locally created users on the controllers (LocalEAP) - can be RADIUS through ISE as well.
(Cisco Controller) show>sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.130.0
RTOS Version..................................... 7.6.130.0
Bootloader Version............................... 7.6.130.0
Emergency Image Version.......................... 7.6.130.0
Build Type....................................... DATA + WPS
System Name...................................... vwlc-1
System Location.................................. Matrix
System Contact................................... IT HelpDesk Matrix
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 10.10.10.50
System Up Time................................... 6 days 17 hrs 30 mins 26 secs
System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... AU - Australia
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 0
Burned-in MAC Address............................ 00:0C:29:74:15:2F
Maximum number of APs supported.................. 200
(Cisco Controller) show> wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Matrix-LocalEAP
Network Name (SSID).............................. Matrix-LocalEAP
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 65535 seconds
User Idle Timeout................................ 28800 seconds
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... vwlc-1
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... 802.1P (Tag=2)
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 10.10.10.70 1812
Accounting.................................... 10.10.10.70 1813
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Enabled (Profile 'local-eap-matrix')
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Disabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
IPv4 ACL........................................ Unconfigured
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
Priority Policy Name
The wireless user on joining the WLAN enters the PSK and than gets redirected to WLC Web Auth portal for authentication. On successful login, the user is granted access. The issue is that despite Idle Timeout being 28800 sec (8 hours), the WLC removes the client entry before 8 hours if the device goes to sleep - mostly within the first hour. Tested this on Windows 7 notebook multiple times. When the PC is put to sleep, the WLC loses its record after some time. When PC wakes up, it has to undergo Web Auth again. Debugging the client MAC generates these logs - from initial association to final clearing.
(Cisco Controller) >*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Association received from mobile on BSSID 00:26:cb:4c:89:d1
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Global 200 Clients are allowed to AP radio
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 override for default ap group, marking intgrp NULL
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 10
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Re-applying interface policy for client
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 In processSsidIE:4850 setting Central switched to FALSE
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying site-specific Local Bridging override for station 3c:a9:f4:0b:91:70 - vapId 2, site 'default-group', interface 'management'
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying Local Bridging Interface Policy for station 3c:a9:f4:0b:91:70 - vlan 10, interface id 0, interface 'management'
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 STA - rates (6): 152 36 176 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Processing RSN IE type 48, length 22 for mobile 3c:a9:f4:0b:91:70
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 AID 1 in Assoc Req from flex AP 00:26:cb:4c:89:d0 is same as in mscb 3c:a9:f4:0b:91:70
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfMs1xStateDec
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Change state to START (0) last state WEBAUTH_REQD (8)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Initializing policy
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Encryption policy is set to 0x80000001
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Central switch is FALSE
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Sending Local Switch flag = 1
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) DHCP Not required on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2for this client
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Associated
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 apfPemAddUser2:session timeout forstation 3c:a9:f4:0b:91:70 - Session Tout 65535, apfMsTimeOut '65535' and sessionTimerRunning flag is 0
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 49) in 65535 seconds
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Func: apfPemAddUser2, Ms Timeout = 65535, Session Timeout = 65535
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Sending Assoc Response to station on BSSID 00:26:cb:4c:89:d1 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Associated
*pemReceiveTask: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 10.10.1.130 Removed NPU entry.
*spamApTask7: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sent 1x initiate message to multi thread task for mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Creating a PKC PMKID Cache entry for station 3c:a9:f4:0b:91:70 (RSN 2)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Resetting MSCB PMK Cache Entry 0 for station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Removing BSSID 00:26:cb:4c:89:d1 from PMKID cache of station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Setting active key cache index 0 ---> 8
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Adding BSSID 00:26:cb:4c:89:d1 to PMKID cache at index 0 for station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: New PMKID: (16)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: [0000] 67 67 8f 7d 2a 8d 78 f9 6d 29 c7 74 d2 fd 6a 25
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Initiating RSN PSK to mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 dot1x - moving mobile 3c:a9:f4:0b:91:70 into Force Auth state
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Skipping EAP-Success to mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 EAPOL Header:
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Found an cache entry for BSSID 00:26:cb:4c:89:d1 in PMKID cache at index 0 of station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Found an cache entry for BSSID 00:26:cb:4c:89:d1 in PMKID cache at index 0 of station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: [0000] 67 67 8f 7d 2a 8d 78 f9 6d 29 c7 74 d2 fd 6a 25
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Starting key exchange to mobile 3c:a9:f4:0b:91:70, data packets will be dropped
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Allocating EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.567: 3c:a9:f4:0b:91:70 Received EAPOL-Key from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Received EAPOL-key in PTK_START state (message 2) from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Stopping retransmission timer for mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 EAPOL Header:
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Reusing allocated memory for EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Received EAPOL-Key from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Stopping retransmission timer for mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Freeing EAP Retransmit Bufer for mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 apfMs1xStateInc
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Central switch is FALSE
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Sending the Central Auth Info
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Central Auth Info Allocated PMKLen = 32
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 PMK: pmkActiveIndex = 0
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 apfMsEapType = 0
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Sending Local Switch flag = 1
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) DHCP Not required on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2for this client
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2 flex-acl-name:
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) Change state to WEBAUTH_REQD (8) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) pemAdvanceState2 6236, Adding TMP rule
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Adding Fast Path rule
type = Airespace AP Client - ACL passthru
on AP 00:26:cb:4c:89:d0, slot 0, interface = 1, QOS = 0
IPv4 ACL ID
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 2, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 10, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*spamApTask7: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 pmkLen = 32
*pemReceiveTask: Feb 04 07:48:10.570: 3c:a9:f4:0b:91:70 10.10.1.130 Added NPU entry of type 2, dtlFlags 0x0
*pemReceiveTask: Feb 04 07:48:10.570: 3c:a9:f4:0b:91:70 Pushing IPv6: fe80:0000:0000:0000:c915:4a8e:6d1a:e20d , and MAC: 3C:A9:F4:0B:91:70 , Binding to Data Plane. SUCCESS !!
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP received op BOOTREPLY (2) (len 308,vlan 10, port 1, encap 0xec03)
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP processing DHCP ACK (5)
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP xid: 0xcce207f6 (3437365238), secs: 0, flags: 0
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP chaddr: 3c:a9:f4:0b:91:70
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP ciaddr: 0.0.0.0, yiaddr: 10.10.1.130
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP server id: 10.10.1.20 rcvd server id: 10.10.1.20
*SNMPTask: Feb 04 07:48:16.594: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:48:16.594: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:48:16.595: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:48:16.595: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*ewmwebWebauth1: Feb 04 07:48:31.129: 3c:a9:f4:0b:91:70 Username entry (local1) created for mobile, length = 6
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 Username entry (local1) created in mscb for mobile, length = 6
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Change state to WEBAUTH_NOL3SEC (14) last state WEBAUTH_REQD (8)
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 apfMsRunStateInc
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_NOL3SEC (14) Change state to RUN (20) last state WEBAUTH_NOL3SEC (14)
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 Session Timeout is 65535 - starting session timer for the mobile
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Reached PLUMBFASTPATH: from line 6571
*ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 00:26:cb:4c:89:d0, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID =
*ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Fast Path rule (contd...) 802.1P = 2, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 10, Local Bridging intf id = 0
*ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Feb 04 07:48:31.132: 3c:a9:f4:0b:91:70 10.10.1.130 Added NPU entry of type 1, dtlFlags 0x0
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*pemReceiveTask: Feb 04 07:48:31.132: 3c:a9:f4:0b:91:70 Pushing IPv6: fe80:0000:0000:0000:c915:4a8e:6d1a:e20d , and MAC: 3C:A9:F4:0B:91:70 , Binding to Data Plane. SUCCESS !!
*emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.646: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.646: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.662: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.662: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.663: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.663: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*IPv6_Msg_Task: Feb 04 07:53:35.661: 3c:a9:f4:0b:91:70 Link Local address fe80::c915:4a8e:6d1a:e20d updated to mscb. Not Advancing pem state.Current state: mscb in apfMsMmInitial mobility state and client state APF_MS_STATE_A
*dot1xMsgTask: Feb 04 07:54:26.664: GTK Rotation Kicked in for AP: 00:26:cb:4c:89:d0 SlotId = 1 - (0x47440ef0)
*dot1xMsgTask: Feb 04 07:54:26.665: Generated a new group key for AP 00:26:cb:4c:89:d0(1) - vap 1
*dot1xMsgTask: Feb 04 07:54:26.665: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
*dot1xMsgTask: Feb 04 07:54:26.665: Generated a new group key for AP 00:26:cb:4c:89:d0(1) - vap 2
*dot1xMsgTask: Feb 04 07:54:26.665: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
*SNMPTask: Feb 04 07:56:19.689: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:56:19.689: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 08:01:19.730: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 08:01:19.730: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*dot1xMsgTask: Feb 04 08:01:23.904: GTK Rotation Kicked in for AP: 00:26:cb:4c:89:d0 SlotId = 0 - (0x47440ef0)
*dot1xMsgTask: Feb 04 08:01:23.904: Generated a new group key for AP 00:26:cb:4c:89:d0(0) - vap 1
*dot1xMsgTask: Feb 04 08:01:23.905: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
*dot1xMsgTask: Feb 04 08:01:23.905: Generated a new group key for AP 00:26:cb:4c:89:d0(0) - vap 2
*dot1xMsgTask: Feb 04 08:01:23.905: GTK rotation for 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 EAPOL Header:
*dot1xMsgTask: Feb 04 08:01:23.905: 00000000: 02 03 5f 00 .._.
*dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 Key exchange done, data packets from mobile 3c:a9:f4:0b:91:70 should be forwarded shortly
*dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 Key exchange done, data packets from mobile 3c:a9:f4:0b:91:70 should be forwarded shortly
*dot1xMsgTask: Feb 04 08:01:23.906: Confirmation Key: (16)
*dot1xMsgTask: Feb 04 08:01:23.906: [0000] fa a3 68 28 46 1f 49 18 a0 60 7a 92 c4 f5 64 3d
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Allocating EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 Updated broadcast key sent to mobile 3C:A9:F4:0B:91:70
*dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 Updated broadcast key sent to mobile 3C:A9:F4:0B:91:70
*dot1xMsgTask: Feb 04 08:01:23.907: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
*osapiBsnTimer: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 Retransmit 1 of EAPOL-Key M5 (length 131) for mobile 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*osapiBsnTimer: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 Retransmit 2 of EAPOL-Key M5 (length 131) for mobile 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*osapiBsnTimer: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
*dot1xMsgTask: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 Retransmit failure for EAPOL-Key M5 to mobile 3c:a9:f4:0b:91:70, retransmit count 3, mscb deauth count 0
*dot1xMsgTask: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 Resetting MSCB PMK Cache Entry 0 for station 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Removing BSSID 00:26:cb:4c:89:d1 from PMKID cache of station 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Setting active key cache index 0 ---> 8
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Sent Deauthenticate to mobile on BSSID 00:26:cb:4c:89:d0 slot 0(caller 1x_ptsm.c:598)
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 8
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Deleting the PMK cache when de-authenticating the client.
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Global PMK Cache deletion failed.
*dot1xMsgTask: Feb 04 08:01:27.106: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*dot1xMsgTask: Feb 04 08:01:27.106: 3c:a9:f4:0b:91:70 Freeing EAP Retransmit Bufer for mobile 3c:a9:f4:0b:91:70
*osapiBsnTimer: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
*apfReceiveTask: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 apfMsExpireMobileStation (apf_ms.c:6655) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Disassociated
*apfReceiveTask: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
*osapiBsnTimer: Feb 04 08:01:47.105: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Sent Deauthenticate to mobile on BSSID 00:26:cb:4c:89:d0 slot 0(caller apf_ms.c:6749)
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 8
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Global PMK Cache deletion failed.
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 apfMsAssoStateDec
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 apfMsExpireMobileStation (apf_ms.c:6787) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Disassociated to Idle
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 47) in 10 seconds
*osapiBsnTimer: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
*apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Deleted mobile LWAPP rule on AP [00:26:cb:4c:89:d0]
*apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 Username entry deleted for mobile
*apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 Deleting mobile on AP 00:26:cb:4c:89:d0(0)
If Layer-2 Auth (PSK) is set to "none" and only Layer-3 Web Auth is kept, then there are no issues. PC can wake up before 8 hours and not prompted for Web Auth again. As a test, I setup the WLAN with Layer-2 PSK auth only with Layer-3 auth set to none. The WLC removed the client entry after 25 minutes. Not an issue for PSK based auth only as PC on wake up seamlessly gets associated to WLAN.
Is User Idle Timeout setting not valid when WPA2-PSK is used as the auth method ?
Thanks,
Rick.Thanks Scott, The code version is 7.6.130.0 which supports Sleeping Client feature. However, as per the docu "http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_010111.html#reference_7008E6F7D7094BA7AD39491D7361622D"
The authentication of sleeping clients feature is not supported with Layer 2 security and web authentication enabled.
and as you mentioned as well
...Sleeping client like George mentioned is a better way than adjusting the idle timer but strictly for layer 3 only...
Sleeping Client wasn't an option in my case. That is why I was hoping that Idle Timeout may do the trick here. This is an actual case where a client with an existing wireless network just wanted to enable sleeping client feature so that their guests don't need to re-auth if their device sleeps or they go out (break) and come back after some time. Layer-3 Web Auth alone should be enough I think. Keeping L2-PSK is probably their security team's decision, as they also use the same SSID for BYOD devices and don't want nearby people/buildings to see that there is an Open Wifi available and on joining would see the Web Auth portal and company disclaimer.
George, I agree with Dot1X method. It can be used for the BYOD devices (separate SSID) while we can keep the Guest WLAN as L3-WebAuth only on controller (or do CWA through ISE if available).
Thanks for all your help.
Rick. -
Growing a WLAN beyond a class C network (WLC2504, AP2700), AP groups?
We're about to grow our network by expanding to a new office a few floor up putting us at a size no longer fit for a class C network (> 255 devices). For obvious reasons I don't want to increase the network's size beyond that either.
The equipment used is a 1 x WLC 2504 and 15 x AP2700. It's set up to run the APs in local mode for now and in terms of wireless traffic that should still work fine.
Since the offices are about 100 meters apart and require users to travel even further to get to from one to the other roaming between them is not really important and associating to an AP in the wrong office is unlikely given the distance. There is a fiber connection between the two offices.
What I do need is for users to be able to authenticate with the same credentials and for the same SSID to be used in both locations. I'm thinking this is best solved by giving each office it's own IP-range and AP Groups but maybe there are other alternatives?
Also I haven't managed to successfully get AP Groups to work. I have created a new interface on the controller with a different VLAN, DHCP server, etc. Then I added a WLAN to an AP Group but changed the interface to the newly created (different from the one set up in the WLAN). However when I associate to an AP in that AP group I still end up on the same VLAN as on the APs in the default-group.
Is changing of VLAN mapping only available for FlexConnect APs?
There is also a prerequisite in the documentation (linked below) that "the required access control list (ACL) must be defined on the router that serves the VLAN or subnet"? I haven't really understood what type of ACL this would be? The network as such is set up in an ASA firewall and has internet access, dhcp and so forth set.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_01011100.html
I believe one solution would be to just create two WLANs with different profile name and VLAN but otherwise similar and assign them to different AP groups? This would also assume I stop using the default AP group and keep APs in two other AP groups since all WLANs exist in the default group.
Any help or guidance is appreciated.(Cisco Controller) >show wlan apgroups
Total Number of AP Groups........................ 1
Site Name........................................ default-group
Site Description................................. <none>
NAS-identifier................................... Cisco_xx:yy:zz
AP Operating Class............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 employeenet Disabled None
2 management Disabled None
3 guestnet Disabled None
16 guestnet Disabled None
--More-- or (q)uit
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
AP_Hangout 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP_N 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP_Investor 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP_Extra 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP_NW 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP_Boardroom 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP_Investor 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP_NE 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP_Reception 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
AP25_NW 2 AIR-CAP2702I-E-K9 f4:0f:1b:xx:yy:zz 8th floor 1 SE 1
AP25_Hangout 2 AIR-CAP2702I-E-K9 f4:0f:1b:xx:yy:zz 8th floor 1 SE 1
AP_Event 2 AIR-CAP3602I-E-K9 c0:67:af:xx:yy:zz default location 1 SE 1
Site Name........................................ employeenet_2
Site Description................................. 8th floor AP group
Venue Group Code................................. Unspecified
--More-- or (q)uit
Venue Type Code.................................. Unspecified
NAS-identifier................................... Cisco_xx:yy:zz
AP Operating Class............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 employeenet_2 Disabled None
16 guestnet Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
AP25_undefined 2 AIR-CAP2702I-E-K9 f4:0f:1b:xx.yy:zz 8th floor 1 SE 1
--More-- or (q)uit
(Cisco Controller) >
We're changing the APs out from the 3600 ones to the 2700 although all are not changed yet. Also I only moved one AP to the AP Group I'm trying to get working for the testing.
(Cisco Controller) >show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... Employeenet
Network Name (SSID).............................. <company name>
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
--More-- or (q)uit
Number of Active Clients......................... 9
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... Cisco_xx:yy:zz
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ employeenet
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
--More-- or (q)uit
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
--More-- or (q)uit
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
--More-- or (q)uit
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
--More-- or (q)uit
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Disabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
--More-- or (q)uit
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
Priority Policy Name
(Cisco Controller) >
WLAN ID 2 and 3 are disabled.
Thanks for looking into this. -
Hi, all!
I have a problem with connectivity my E51 to D-link DWL-3200AP (WiFi access point). This device have a following settings:
Wireless Band IEEE802.11G
Mode Access point
SSID Company
SSID Broadcast Disable
Channel 6 (2,437GHz)
Authentication WPA2-Personal
Cipher Type TKIP
PassPhrase [63 different symbols]
ACL MAC Filter - permit only chosen MAC adresses (including my MAC on E51)
How I must configure E51 WLAN client for access to my network? And how setup IPv4 stack on this phone?
Message Edited by pretender on 06-Feb-2008 10:59 AM
Nokia E51@ awaisaliliaqat
u should have created ur own topic rather then hijacking the OPs thread
try this: Menu > Tools > Settings > Connection > Access Point
Select the WLAN access point u created and select Options > Edit
Look for the WLAN security settings then look for WEP key settings
u can change the WEP key there
if my post helped u out, please click the Star next to it to add some KUDOS to my name -
Cisco 851W - Internal WLAN and Guest WLAN
I have a Cisco 851W Router, which has an IPSEC Tunnel back to my corporate office.
I want to configure 2 WLANS, one for my internal network (vlan 1) which will have access to my corporate network, and one for guests which will just be for outbound internet access (http, https, ftp, sftp, etc ..).
I have not been able to find any Cisco Documentation with how to accomplish. Can someone inform me where I can find this or supply me with some configuration examples?create 2 ip dhcp pools on the router for the 2 types of clients
create wlan for each type of client
I'm assuming a wlc is involved, then hreap and allow both vlans, procedure will be slightly different for standalone
acl by address to ban traffic from ipsec tunnel- easier on a WLC interface than on the router, no wlc then on the router
bob -
I need to setup a guest wlan on a single 5508 controller. Currently all of my ap's are in h-reap mode and all in remote buildings connected via a high speed wireless wan.
The guest network could consist of 500 users in the near future, so i'm wondering what is the best way to configure the guest wlan so I don't have one big broadcast domain across my entire network?Ok. I already have my ap's in ap groups (per building) and I have different vlans in each building with the same ssid company wide. I'm doing this via h-reap.
My question is how do I accomplish the same thing with the guest wlan, but without h-reap. Or do i use h-reap and just setup acl's to block the traffic? But then does web authentication work the same?
The confusion for me comes in at the controller level with the guest-wlan interface I created having to be attached to a vlan. Is this not needed to do web authentication?
Thanks,
Dan. -
RADIUS Bandwidth limit on guest WLAN
Hi Everyone,
I'm running a WLAN scenario which includes a WLC 5508 (7.0) and a bunch of CAPWAP access points. I just deployed a guest SSID that implements a RADIUS server (freeRadius) for authentication and accounting the guest users and everything works fine. However I need to limit the bandwidth on a per-user basis having different BW allocated on the users.
In other words:
SSID: "Guest-SSID" with web authentication
Users (download/upload bandwidth limit in kbps): user1 (512/512), user2 (1024/1024), user3 (512/2048)
When user1 connects, he will be able to download/upload at a 512 Kbps data rate, same as user2 with a d/u 1024 Kbps data rate. And user3 will be able to download at 512 Kbps and upload at 2048 Kbps. The 3 users will be connected on the same SSID: "Guest-SSID".
I've been searching and found that the WLC honors some Airespace attributes that may do the magic, however they are not documented anywhere else but the WLC Configuration Guide. I have modified the freeradius Airespace dictionary but when authenticating, when the RADIUS sends the accept message incluiding the attributes, the WLC shows attribute is considered as unknown, even though the conf. guide shows they must be supported.
I guess it may be caused by a wrong attribute name. Is there something else missing?
This is the WLC AAA debug detail:
(Cisco Controller) >*aaaQueueReader: Mar 19 18:35:08.705: AuthenticationRequest: 0x30b56248
*aaaQueueReader: Mar 19 18:35:08.705: Callback.....................................0x10770a64
*aaaQueueReader: Mar 19 18:35:08.706: protocolType.................................0x00000001
*aaaQueueReader: Mar 19 18:35:08.706: proxyState...................................F4:09:D8:20:11:2F-00:00
*aaaQueueReader: Mar 19 18:35:08.706: Packet contains 11 AVPs (not shown)
*radiusTransportThread: Mar 19 18:35:08.708: AuthorizationResponse: 0x13e25bb0
*radiusTransportThread: Mar 19 18:35:08.708: structureSize................................216
*radiusTransportThread: Mar 19 18:35:08.708: resultCode...................................0
*radiusTransportThread: Mar 19 18:35:08.708: protocolUsed.................................0x00000001
*radiusTransportThread: Mar 19 18:35:08.708: proxyState...................................F4:09:D8:20:11:2F-00:00
*radiusTransportThread: Mar 19 18:35:08.708: Packet contains 9 AVPs:
*radiusTransportThread: Mar 19 18:35:08.708: AVP[01] Unknown Airespace / Attribute 7..........0x00000100 (256) (4 bytes)
*radiusTransportThread: Mar 19 18:35:08.708: AVP[02] Unknown Airespace / Attribute 8..........0x00000100 (256) (4 bytes)
*radiusTransportThread: Mar 19 18:35:08.708: AVP[03] Unknown Airespace / Attribute 9..........0x00000180 (384) (4 bytes)
*radiusTransportThread: Mar 19 18:35:08.708: AVP[04] Unknown Airespace / Attribute 10.........0x00000180 (384) (4 bytes)
*radiusTransportThread: Mar 19 18:35:08.708: AVP[05] Unknown Airespace / Attribute 11.........GRN-Test (8 bytes)
*radiusTransportThread: Mar 19 18:35:08.708: AVP[06] Unknown Airespace / Attribute 13.........0x00000100 (256) (4 bytes)
*radiusTransportThread: Mar 19 18:35:08.708: AVP[07] Unknown Airespace / Attribute 14.........0x00000100 (256) (4 bytes)
*radiusTransportThread: Mar 19 18:35:08.708: AVP[08] Unknown Airespace / Attribute 15.........0x00000180 (384) (4 bytes)
*radiusTransportThread: Mar 19 18:35:08.708: AVP[09] Unknown Airespace / Attribute 16.........0x00000180 (384) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.718: AccountingMessage Accounting Start: 0x30b56248
*aaaQueueReader: Mar 19 18:35:08.718: Packet contains 14 AVPs:
*aaaQueueReader: Mar 19 18:35:08.718: AVP[01] User-Name................................0x6173 (24947) (2 bytes)
*aaaQueueReader: Mar 19 18:35:08.718: AVP[02] Nas-Port.................................0x0000001d (29) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.718: AVP[03] Nas-Ip-Address...........................0xc0a89605 (-1062693371) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.718: AVP[04] Framed-IP-Address........................0xc0a8967b (-1062693253) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.718: AVP[05] NAS-Identifier...........................WLC-CCIE (8 bytes)
*aaaQueueReader: Mar 19 18:35:08.718: AVP[06] Airespace / WLAN-Identifier..............0x00000006 (6) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.718: AVP[07] Acct-Session-Id..........................550b5d2c/f4:09:d8:20:11:2f/2 (28 bytes)
*aaaQueueReader: Mar 19 18:35:08.718: AVP[08] Acct-Authentic...........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.719: AVP[09] Tunnel-Type..............................0x0000000d (13) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.719: AVP[10] Tunnel-Medium-Type.......................0x00000006 (6) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.719: AVP[11] Tunnel-Group-Id..........................150 (3 bytes)
*aaaQueueReader: Mar 19 18:35:08.719: AVP[12] Acct-Status-Type.........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Mar 19 18:35:08.719: AVP[13] Calling-Station-Id.......................192.168.150.123 (15 bytes)
*aaaQueueReader: Mar 19 18:35:08.719: AVP[14] Called-Station-Id........................192.168.150.5 (13 bytes)
My Airespace dictionary:
VENDOR Airespace 14179
BEGIN-VENDOR Airespace
ATTRIBUTE Airespace-Wlan-Id 1 integer
ATTRIBUTE Airespace-QOS-Level 2 integer
ATTRIBUTE Airespace-DSCP 3 integer
ATTRIBUTE Airespace-8021p-Tag 4 integer
ATTRIBUTE Airespace-Interface-Name 5 string
ATTRIBUTE Airespace-ACL-Name 6 string
ATTRIBUTE Airespace-Data-Bandwidth-Average-Contract 7 integer
ATTRIBUTE Airespace-Real-Time-Bandwidth-Average-Contract 8 integer
ATTRIBUTE Airespace-Data-Bandwidth-Burst-Contract 9 integer
ATTRIBUTE Airespace-Real-Time-Bandwidth-Burst-Contract 10 integer
ATTRIBUTE Airespace-Guest-Role-Name 11 string
ATTRIBUTE Airespaces-Data-Bandwidth-Average-Contract-Upstream 13 integer
ATTRIBUTE Airespace-Real-Time-Bandwidth-Average-Contract-Upstream 14 integer
ATTRIBUTE Airespace-Data-Bandwidth-Burst-Contract-Upstream 15 integer
ATTRIBUTE Airespace-Real-Time-Bandwidth-Burst-Contract-Upstream 16 integer
VALUE Airespace-QOS-Level Bronze 3
VALUE Airespace-QOS-Level Silver 0
VALUE Airespace-QOS-Level Gold 1
VALUE Airespace-QOS-Level Platinum 2
END-VENDOR Airespace
This is the configuration guide I'm using:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_security_sol.html#pgfId-1457964
Table 6-5.
Any help will be really apreciated!
Regards!
Jonathan S.If you choose to create an entry on the RADIUS server for a guest user and enable RADIUS authentication for the WLAN on which web authentication is performed rather than adding a guest user to the local user database from the controller, you need to assign the QoS role on the RADIUS server itself. To do so, a “guest-role” Airespace attribute needs to be added on the RADIUS server with a datatype of “string” and a return value of “11.” This attribute is sent to the controller when authentication occurs. If a role with the name returned from the RADIUS server is found configured on the controller, the bandwidth associated to that role is enforced for the guest user after authentication completes successfully.
-
[WLC - CWA] [ISE] Wlan Portal with Local Switiching
Description: Guest Portal ISE (WLAN) in a Flexconnect local switching enviorment.
Problem: The communication stops everytime we turn on the feature Radius NAC on the WLC.
We are trying to use Central WebAuth in a Flexconnect environment and with so the procedure that we are using it´s the one that´s available in the cisco DOCS ( http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html ) but there´s something occuring in my setup. I´ve configured step by step the WLC and ISE in accordance with previous DOC but I can´t establish communication everytime I turn on the feature RADIUS NAC in the WLC.
All the ACL´s were configured, I can see the ISE policy beeing sent to the client but when the PC tries to establish the connection to him nothing leaves the PC ( a simple ping was done ). I´ve tried a bunch of setups to see if it was a misconfiguration or something else but at the end , everytime I trun on the NAC feature the final client looses all the comms to anywere.
You can see in the following attachment the setup of WLC, and AP with flexconnect groups (I´ve also tried without a group but the final result was the same)
We are using a WLC 5500 with 7.6.120.0 ( http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76.html ) and the only thing I can foun is a simple note stating,
"Flex local switching with Radius NAC support is added in Release 7.2.110.0. It is not supported in 7.0 Releases and 7.2 Releases. Downgrading 7.2.110.0 and later releases to either 7.2 or 7.0 releases will require you to reconfigure the WLAN for Radius NAC feature to work."
In the Flexconnect Feature Matrix the RADIUS NAC is supported in a local switching enviorment ( http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html?referring_site=RE&pos=3&page=http://www.cisco.com/c/en/us/support/docs/wireless/flex-7500-series-wireless-controllers/113605-ewa-flex-guide-00.html) but what we´ve found out so far it´s the other way around.
Another thing that we´ve found is that in the version 7.4 configuration guide ( http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0110100.html#ID2372 ) cisco says that the "FlexConnect local switching is not supported."
So, after seeing several docs my question is: Does Cisco support Radius NAC in a local switching environment ?Viten,
tnx for the quick reply but,
a) what do you mean by webauth ( http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html) ?
b) When I say comms stop is that I´m simple using ping as a test to see what happens in the client.Whenever I activate the radius feature the final client (laptop) ceases all comms in a local switching environment.
BR,
DS -
Hi all,
I'm having problems when trying to apply an ACL to my WLC dynamic interfaces. I have three WLANs that I wish to keep separated and am using ACLs that I have configured on the controller, the only problem is they don't seem to work!
Ping test from 10.201.32.11 on WLAN1 to 10.201.27.41 on WLAN2 works and the current ACL is below:
1 Out 10.201.32.0/255.255.252.0 10.201.24.0/255.255.252.0 Any 0-65535 0-65535 Any Deny 0
2 In 10.201.24.0/255.255.252.0 10.201.32.0/255.255.252.0 Any 0-65535 0-65535 Any Deny 0
3 Out 10.201.32.0/255.255.252.0 10.201.28.0/255.255.255.0 Any 0-65535 0-65535 Any Deny 0
4 In 10.201.28.0/255.255.255.0 10.201.32.0/255.255.252.0 Any 0-65535 0-65535 Any Deny 0
5 Out 10.201.32.0/255.255.252.0 192.168.200.0/255.255.255.224 Any 0-65535 0-65535 Any Deny 0
6 In 192.168.200.0/255.255.255.224 10.201.32.0/255.255.252.0 Any 0-65535 0-65535 Any Deny 0
7 Any 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 Any 0-65535 0-65535 Any Permit 69
DenyCounter : 0
Each WLAN is sat on its own separate dynamic interface and own unique subnet.
Any suggestions would be most appreciated.
Thanks.Hi,
Keep in mind the direction of the ACL.
In means from client destined to WLC
Out means from WLC destined to client.
It should look like this:
Index Dir IP Address/Netmask IP Address/Netmask Prot Range Range DSCP Action Counter
1 In 10.201.32.0/255.255.252.0 10.201.24.0/255.255.252.0 Any 0-65535 0-65535 Any Deny 0
2 Out 10.201.24.0/255.255.252.0 10.201.32.0/255.255.252.0 Any 0-65535 0-65535 Any Deny 0
Don't forget to apply the ACL on interface or on WLAN.
Regards,
Christos.
Maybe you are looking for
-
Insert or update via ViewObjectImpl or ApplicationModuleImpl
How can I insert or update a database from java code? I am attempting to do this in a subclass of ApplicationModuleImpl? The code below throws RowValException: JBO-27024: Failed to validate a row with key ConcUserLoginViewImpl culv =(ConcUserLoginVie
-
Hi All, When am trying to settle one internal order to an asset, System is selecting the amount from all the cost elements which have carried the cost. But if i want to settle only from one cost element how should i do that. Ex: Order 700002 Cost ele
-
Using JDev 11gPS4 I have a java class that i want to use as a DC: (simplified) public class AccountDC { public AccountDC() { super(); public void insertAccount(Account account){ //Do some things }Account: public class Account
-
Order confirmation ...smartform...urgent
hi have requirement where in main window(completed) posnr matnr description quantity unit price amount 10 ch-1000 sap 10.0 25 250 20 ch-100 sap 1 30 30
-
Com.apple.Preview and mf_refimg folders in trash (recovered files) lately
Hi, Lately I am seeing a recovered files folder in the trash with a bunch of Preview folders titled "com.apple.Preview8909_2118585411 " and the like and also some titled "mf_refimg.29" and the like. All have pictures in them. The Preview folder has a